On Tuesday night, President Barack Obama appeared before the American people and again acknowledged digital data theft and data destruction as one of the most important issues facing the nation:

No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information.

It was a rallying cry for greater “cybersecurity.” But according to many security experts, “security” and the specific cybersecurity proposal the president unveiled last week could be a pretext for expanded, unchecked surveillance that may not actually make the nation safer. The ideas in the proposal face no strong political resistance especially since the information-collection organism would not be the government itself but rather private companies reporting user information to the government.

What prompted the inclusion of cybersecurity in the address? The president has been restrained in his discussions of what some consider to be the most significant cyber attack on a U.S. entity in recent memory, the Sony hack. (Sony Pictures is a sub unit of Sony America and is still ultimately part of the Sony parent company, which is Japanese.) Obama called the hack an act of “cyber vandalism” not tantamount to war.

But in the days leading up to the State of the Union address, the Obama administration released a cybersecurity proposal, which will be sent to Congress, that speaks directly to the Sony incident. The key component of the proposal is, indeed, “integration.” Specifically, it affords private companies liability protection to share information with the Homeland Security Department’s National Cybersecurity and Communications Integration Center.

The chief of the NSA’s Tailored Access Division Robert Joyce, has described the Sony hack as a key moment that will fundamentally change the way the United States deals with the murky threat posed by shadowy enemies with laptops. It was, in popular if clichéd Washington, D.C., parlance, “a game changer.” Joyce was not alone in that assessment.

“We had seen cyber attacks but we’ve never seen a nation-state…destroy data,” former Michael Rogers, a Republican representative from Michigan, told a group at the Bipartisan Policy Center in Washington, D.C., last week. It was that willful destruction of data, as opposed to simply theft, that elevated the Sony hack to an incident more urgent than any of the recent high-profile attacks that had affected major corporations, which were aimed primarily at the theft of data for narrow, mercantile purposes.

Rogers, a seven-term congressman, has indicated he would be leaving the House for greener (sounding) pastures in radio. But during his tenure, where he served as the head of the House Intelligence Committee, he earned a reputation as one the National Security Agency’s most stalwart allies at the agency’s moment of greatest shame.

The bill that perhaps best characterized that reputation, H.R. 3523, the Cyber Intelligence Sharing and Protection Act, or CISPA, never actually became law, having stalled in the Senate after passing the House. It would have granted liability protections to corporations that would then be able to share that information with the government, specifically the Department of Homeland Security.

It was an idea that predates Rogers and CISPA—in 2008, the Bush White House put out National Security Presidential Directive – 54 that outlined the U.S. interest in information sharing in the name of cybersecurity. But it was Rogers who refined it and pushed to enshrine it in legislation.

CISPA would give companies the freedom to share user data with the DHS where the info could then go to virtually any other law enforcement agency for use in any investigation related to crimes from drug trafficking to copyright infringement. It sent a clear message to some of America’s biggest companies: “We need you to do our spying for us.”

Privacy advocates argued that the bill’s language was too broad. It would allow every company from Google to Apple to Facebook to share information on their users with the government outside of the parameters of the Electronics Communications Privacy Act as well as the Wiretap Act.

In April 2012, the president vowed that if the bill made it to his desk, he would veto it: “Cybersecurity and privacy are not mutually exclusive. Moreover, information sharing, while an essential component of comprehensive legislation, is not alone enough to protect the Nation’s core critical infrastructure from cyber threats. Accordingly, the Administration strongly opposes H.R. 3523, the Cyber Intelligence Sharing and Protection Act, in its current form.”

Last week, Americans watched much of that resolve wither away. The proposal that the president rolled out shares a lot in common with CISPA with one exception: It purports to anonymize data. But the White House proposal would still allow for the sharing of user data with the government outside of privacy laws.

What sort of information does the new proposal promise to share, or rather integrate? In a call with reporters, a White House official said that the information would “primarily” not be content.

"We had seen cyber attacks but we've never seen a nation-state... destroy data."

Shareable information does include anything that falls under the category of cyber threat indicator, which includes any data relating to “malicious reconnaissance, including communications that reasonably appear to be transmitted for the purpose of gathering technical information related to a cyber threat,” which could mean everything from attempting to access restricted files to—possibly—asking fairly routine questions about how a site runs or what a company does with user data.

“The White House proposal relies heavily on privacy guidelines that are currently unwritten. What these guidelines say and when they are applied will be critical to protecting Internet users. Privacy protections and use restrictions must be in effect before information sharing occurs,” Harley Geiger, the senior counsel for the Center for Democracy and Technology said in a press release following the announcement.

Other privacy advocates were quick to call the proposal unnecessary, as companies can already share information related to threats with the government (but within the parameters of the Privacy Act). More disturbing for many in the technology community was a provision in the legislation to amend RICO laws in a way that could charge hackers, computer scientists, or just curious users with felonies just for finding—or searching for—security errors in web sites or services.

Jeff Moss, the founder of the famous Black Hat and DEFCON conference, expressed such concern to Defense One. Every year Black Hat and DEFCON bring together thousands of hackers from around the world to showcase their research into cyber vulnerabilities. The events together comprise the one of the best forums to expose such vulnerabilities.

“I do worry about its chilling effects if enacted into law. Unless there is a carve out for research, the liability for clicking on links to security tools alone is worrying…even more so if RICO style laws are applied due to their broad nature and potential for abuse by aggressive prosecutors. We have had many decades to get used to prosecuting organized crime, but prosecuting technical computer crime is newer and harder to explain to juries. In that regard clear and easy to understand ‘red lines’ while more simplistic might be a better place to start,” said Moss.

In other words, the legislation could actually make the Internet less secure by criminalizing research into vulnerabilities.

Mark Jaycox, of the Electronic Frontier Foundation, concurred that provisions in the legislation may “chill the computer security research that is a central part of our best defense against computer crime.” Jaycox writes that the legislation could make you a felon for “sharing your HBO GO password.” He adds that “the expansion of the definition may impact researchers who commonly scan public websites to detect potential vulnerabilities. These researchers should not have to face a felony charge if a prosecutor thinks they should have known the site prohibited scanning.”

The single section that makes the White House proposal somewhat more palatable than CISPA is the provision demanding that user data “establish a process to anonymize and safeguard information.”

But anonymization may offer false reassurance. In fact, researchers have shown that anonymization in data is something of a joke. In a 2013 paper published in the Nature Scientific Reports, MIT researchers Yves-Alexandre de Montjoye and César A. Hidalgo, discuss an experiment where they took a random sample of 1.5 million cell users over 15 months and found that, when locational cellphone data is anonymized, just four data points—information created by the anonymous user—was enough to effectively reveal the users’ identity 95 percent of the time.

“I agree, 100 percent. The way the data comes in, there isn’t a whole lot of benefit. Why make a law that says anonymize it,” said Robert Twitchell, CEO of Dispersive Technologies.

One of the key benefits of sharing cyber information with other investigative bodies is affixing attribution, which permanent anonymization would undermine.

"The White House proposal relies heavily on privacy guidelines that are currently unwritten."

Moreover, the information that the public shares with the DHS, if it is in fact related to some future cybersecurity event, would likely be shared with the NSA. According to the White House, that sharing, or integration, would be “as close to real time as possible.”

How do we know that the NSA would be one of—if not the—main recipient? Remember when the Federal Bureau of Investigation expressed a high degree of confidence that the attack could be attributed to North Korea? You could be forgiven for thinking that it was, in fact, the FBI that reached that conclusion. But according to recently revealed documents, the NSA did the work.

As David Sanger and Martin Fackler report in The New York Times, the NSA was accessing North Korean networks, communications, and cyber operations for years prior to the Sony hack. That’s what allowed the United States to so quickly attribute the attacks to North Korea, though many still claim the U.S. is overlooking evidence of an inside job. But it wasn’t enough to allow them to actually stop the attack.

Not every lawmaker agrees that the Sony hack serves as justification for an information sharing bill, especially one that could put people’s privacy in danger. Zoe Lofgren, a Democratic representative from California who represents parts of San Jose (Silicon Valley) told The Hill: “I fear we may have taken the wrong lesson from these recent high-profile attacks. These attacks were not the result of a missed opportunity to share information, but rather caused by substantial and obvious security failures and a culture of treating cyber security as an afterthought.”

At the Bipartisan Policy Center event, former Central Intelligence Agency director Michael Hayden bullishly predicted that some form of information sharing would pass this year. Both political and public concerns about privacy and overreaching agencies have given way to worries about lost data and remotely hijacked infrastructure. “We are entering the post-Snowden era,” he claimed.

Rogers himself was more cautious but he acknowledged that the involvement of the president in passing cyber-sharing legislation was a “significant change,” possibly enough to push something through.

Will Hurd, a Republican representative from Texas, told Defense One that the president’s comments during the State of the Union suggest a softening on CISPA: “I'm hoping that the president’s comments suggest he’s not going to veto CISPA. I think this is an area that the president and Congress can work together.” Hurd, a former CIA operative, is considered a rising star specifically on issues related to cybersecurity.

Hurd, however, has also expressed some hesitation about some of the more hawkish elements of the proposal. In discussing the potential changes in RICO law, he was dim on any proposal that might harm cybersecurity research. “We don’t want to limit that. I think Black Hat is a very helpful forum where you have all of this research, they’re looking at the cutting edge procedures in this space. It’s a great forum for understanding where it’s going on. This is one of those areas where reasonable people can be reasonable people.”

Following the event at the Bipartisan Policy Center, Rogers loitered for a bit to glad-hand friends and fans who wished him well in his new career. As he got on to an elevator, Defense One asked him if he felt at all validated that the president’s proposal so closely resembled Rogers’s bill, the one that the president had vowed to veto. Rogers looked off into the distance and smiled wistfully. “Success has many fathers,” he said as the doors closed in front of him.

Most Popular

Should you drink more coffee? Should you take melatonin? Can you train yourself to need less sleep? A physician’s guide to sleep in a stressful age.

During residency, Iworked hospital shifts that could last 36 hours, without sleep, often without breaks of more than a few minutes. Even writing this now, it sounds to me like I’m bragging or laying claim to some fortitude of character. I can’t think of another type of self-injury that might be similarly lauded, except maybe binge drinking. Technically the shifts were 30 hours, the mandatory limit imposed by the Accreditation Council for Graduate Medical Education, but we stayed longer because people kept getting sick. Being a doctor is supposed to be about putting other people’s needs before your own. Our job was to power through.

The shifts usually felt shorter than they were, because they were so hectic. There was always a new patient in the emergency room who needed to be admitted, or a staff member on the eighth floor (which was full of late-stage terminally ill people) who needed me to fill out a death certificate. Sleep deprivation manifested as bouts of anger and despair mixed in with some euphoria, along with other sensations I’ve not had before or since. I remember once sitting with the family of a patient in critical condition, discussing an advance directive—the terms defining what the patient would want done were his heart to stop, which seemed likely to happen at any minute. Would he want to have chest compressions, electrical shocks, a breathing tube? In the middle of this, I had to look straight down at the chart in my lap, because I was laughing. This was the least funny scenario possible. I was experiencing a physical reaction unrelated to anything I knew to be happening in my mind. There is a type of seizure, called a gelastic seizure, during which the seizing person appears to be laughing—but I don’t think that was it. I think it was plain old delirium. It was mortifying, though no one seemed to notice.

A report will be shared with lawmakers before Trump’s inauguration, a top advisor said Friday.

President Obama has asked intelligence officials to perform a “full review” of election-related hacking, a top advisor told reporters Friday. The White House will share a report of its findings with lawmakers before Obama leaves office on January 20, 2017, she said.

Lisa Monaco, the president’s advisor for homeland security, made the comments at a Christian Science Monitor event. They were first reported by Politico and The Hill.

Last week, every Democrat (and a Democrat-aligned Independent) on the Senate Intelligence Committee called on the White House to declassify and release more information about Russia’s involvement in the U.S. elections. It’s not clear whether the review announced Friday is connected to the letter from the committee members.

His paranoid style paved the road for Trumpism. Now he fears what’s been unleashed.

Glenn Beck looks like the dad in a Disney movie. He’s earnest, geeky, pink, and slightly bulbous. His idea of salty language is bullcrap.

The atmosphere at Beck’s Mercury Studios, outside Dallas, is similarly soothing, provided you ignore the references to genocide and civilizational collapse. In October, when most commentators considered a Donald Trump presidency a remote possibility, I followed audience members onto the set of The Glenn Beck Program, which airs on Beck’s website, theblaze.com. On the way, we passed through a life-size replica of the Oval Office as it might look if inhabited by a President Beck, complete with a portrait of Ronald Reagan and a large Norman Rockwell print of a Boy Scout.

“Well, you’re just special. You’re American,” remarked my colleague, smirking from across the coffee table. My other Finnish coworkers, from the school in Helsinki where I teach, nodded in agreement. They had just finished critiquing one of my habits, and they could see that I was on the defensive.

I threw my hands up and snapped, “You’re accusing me of being too friendly? Is that really such a bad thing?”

“Well, when I greet a colleague, I keep track,” she retorted, “so I don’t greet them again during the day!” Another chimed in, “That’s the same for me, too!”

Unbelievable, I thought. According to them, I’m too generous with my hellos.

When I told them I would do my best to greet them just once every day, they told me not to change my ways. They said they understood me. But the thing is, now that I’ve viewed myself from their perspective, I’m not sure I want to remain the same. Change isn’t a bad thing. And since moving to Finland two years ago, I’ve kicked a few bad American habits.

Why the ingrained expectation that women should desire to become parents is unhealthy

In 2008, Nebraska decriminalized child abandonment. The move was part of a "safe haven" law designed to address increased rates of infanticide in the state. Like other safe-haven laws, parents in Nebraska who felt unprepared to care for their babies could drop them off in a designated location without fear of arrest and prosecution. But legislators made a major logistical error: They failed to implement an age limitation for dropped-off children.

Within just weeks of the law passing, parents started dropping off their kids. But here's the rub: None of them were infants. A couple of months in, 36 children had been left in state hospitals and police stations. Twenty-two of the children were over 13 years old. A 51-year-old grandmother dropped off a 12-year-old boy. One father dropped off his entire family -- nine children from ages one to 17. Others drove from neighboring states to drop off their children once they heard that they could abandon them without repercussion.

Why did Trump’s choice for national-security advisor perform so well in the war on terror, only to find himself forced out of the Defense Intelligence Agency?

How does a man like retired Lieutenant General Mike Flynn—who spent his life sifting through information and parsing reports, separating rumor and innuendo from actionable intelligence—come to promote conspiracy theories on social media?

Perhaps it’s less Flynn who’s changed than that the circumstances in which he finds himself—thriving in some roles, and flailing in others.

In diagnostic testing, there’s a basic distinction between sensitivity, or the ability to identify positive results, and specificity, the ability to exclude negative ones. A test with high specificity may avoid generating false positives, but at the price of missing many diagnoses. One with high sensitivity may catch those tricky diagnoses, but also generate false positives along the way. Some people seem to sift through information with high sensitivity, but low specificity—spotting connections that others can’t, and perhaps some that aren’t even there.

The president-elect has chosen Andrew Puzder, a vocal critic of minimum-wage hikes and new overtime rules.

Updated on December 9, 2016

President-Elect Donald Trump announced Thursday evening that he picked Andrew Puzder, the CEO of CKE Restaurants, which owns fast-food chains Carl’s Jr. and Hardee’s, to lead the U.S. Department of Labor. Puzder—like several of Trump’s other nominees—is a multi-millionaire and Washington outsider who served as an adviser and fundraiser during the presidential campaign. While there’s no political record to indicate how Puzder thinks about the labor market, his remarks as a business executive give some indication of the stances he’ll take on several important labor issues.

If confirmed, Puzder will likely take a pro-business, anti-labor, approach to steering the federal agency tasked with protecting American workers and their jobs, which clashes with Trump’s populist campaign message of fighting for blue-collar workers. Puzder has been a vocal defender of Trump’s economic policies, including lowering the corporate-tax rate, and has opposed Obamacare and certain business regulations, such as a higher minimum wage. Puzder has argued against raising the minimum wage and offering paid leave and health insurance to employees. Efforts to increase the minimum wage, he writes, will hurt everyone, especially low-skilled workers, because “businesses will have to figure out the best way to deal with the high labor costs.” Those changes, he says, will lead to price increases, more efficient labor management, and automation.

Since the end of World War II, the most crucial underpinning of freedom in the world has been the vigor of the advanced liberal democracies and the alliances that bound them together. Through the Cold War, the key multilateral anchors were NATO, the expanding European Union, and the U.S.-Japan security alliance. With the end of the Cold War and the expansion of NATO and the EU to virtually all of Central and Eastern Europe, liberal democracy seemed ascendant and secure as never before in history.

Under the shrewd and relentless assault of a resurgent Russian authoritarian state, all of this has come under strain with a speed and scope that few in the West have fully comprehended, and that puts the future of liberal democracy in the world squarely where Vladimir Putin wants it: in doubt and on the defensive.

Democrats who have struggled for years to sell the public on the Affordable Care Act are now confronting a far more urgent task: mobilizing a political coalition to save it.

Even as the party reels from last month’s election defeat, members of Congress, operatives, and liberal allies have turned to plotting a campaign against repealing the law that, they hope, will rival the Tea Party uprising of 2009 that nearly scuttled its passage in the first place. A group of progressive advocacy groups will announce on Friday a coordinated effort to protect the beneficiaries of the Affordable Care Act and stop Republicans from repealing the law without first identifying a plan to replace it.

They don’t have much time to fight back. Republicans on Capitol Hill plan to set repeal of Obamacare in motion as soon as the new Congress opens in January, and both the House and Senate could vote to wind down the law immediately after President-elect Donald Trump takes the oath of office on the 20th.

Trinidad has the highest rate of Islamic State recruitment in the Western hemisphere. How did this happen?

This summer, the so-called Islamic State published issue 15 of its online magazine Dabiq. In what has become a standard feature, it ran an interview with an ISIS foreign fighter. “When I was around twenty years old I would come to accept the religion of truth, Islam,” said Abu Sa’d at-Trinidadi, recalling how he had turned away from the Christian faith he was born into.

At-Trinidadi, as his nom de guerre suggests, is from the Caribbean island of Trinidad and Tobago (T&T), a country more readily associated with calypso and carnival than the “caliphate.” Asked if he had a message for “the Muslims of Trinidad,” he condemned his co-religionists at home for remaining in “a place where you have no honor and are forced to live in humiliation, subjugated by the disbelievers.” More chillingly, he urged Muslims in T&T to wage jihad against their fellow citizens: “Terrify the disbelievers in their own homes and make their streets run with their blood.”